From: "Daniel P. Berrange" <berrange@redhat.com>
To: stewart.becker@twbc.org.uk
Cc: Peter Rosin <peda@lysator.liu.se>, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] Re: PATCH: Secure TLS encrypted authentication for VNC
Date: Tue, 3 Jun 2008 20:24:48 +0100 [thread overview]
Message-ID: <20080603192448.GB22726@redhat.com> (raw)
In-Reply-To: <1212518890.7066.8.camel@ezekiel3>
On Tue, Jun 03, 2008 at 07:48:10PM +0100, Stewart Becker wrote:
> On Tue, 2008-06-03 at 12:31 +0200, Peter Rosin wrote:
> > Hi!
> >
> > Sorry for the response to this old post, but since it seems to be the
> > best reference for the VeNCrypt protocol on the web, I don't feel too
> > bad. Hopefully I got the message-id correct so that this post is
> > properly linked.
> >
>
> <snip>
>
> > I would like to point out that vencserver seems to be sending an
> > extra U8 (== 0x01. Is that a boolean? 0x00 means failure?) before
> > the SSL/TLS handshake is started. The QEMU implementation does
> > this also, so the bug is clearly in this "spec". This also affects
> > sub-types 258, 259, 260, 261 and 262.
>
> It's been a while since I looked at it, and don't have time immediately
> to check it in detail, but I think that this is the SecurityResult
> message as detailed in section 6.1.3 of the RFB specification.
> Re-reading it, I could probably have been more clear in my mail to Dan
> about where the VenCrypt extension rejoins the RFB protocol. The reason
> that I put this in the extension code instead of the "main" VNC code is
> that only the extension knows whether the success of failure message
> should be sent.
When I wrote the code I checked the interoperability of QEMU against the
VeNCrypt client, and the GTK-VNC client agains the VeNCrypt server and
QEMU server, so the impl is the defacto spec :-)
Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
next prev parent reply other threads:[~2008-06-03 19:24 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-06-03 10:31 [Qemu-devel] Re: PATCH: Secure TLS encrypted authentication for VNC Peter Rosin
2008-06-03 18:48 ` Stewart Becker
2008-06-03 19:24 ` Daniel P. Berrange [this message]
2008-06-03 21:27 ` Peter Rosin
2008-06-03 22:37 ` Daniel P. Berrange
-- strict thread matches above, loose matches on Subject: below --
2007-02-24 16:54 [Qemu-devel] " Daniel P. Berrange
2007-02-28 21:27 ` [Qemu-devel] " S. I. Becker
2007-03-01 16:34 ` Daniel P. Berrange
2007-03-01 18:21 ` S. I. Becker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080603192448.GB22726@redhat.com \
--to=berrange@redhat.com \
--cc=peda@lysator.liu.se \
--cc=qemu-devel@nongnu.org \
--cc=stewart.becker@twbc.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.